The evolution of ransomware

Ransomware has been dominating the news for several weeks, and is likely to stay in the news for most of the year. Ransomware is a distinct type of cyber attack, in that it extorts payment from the victim in exchange for allowing access to something that was encrypted in the attack. The most prevalent type of malware used in this kind of crime is 'crypto-ransomware', which normally encrypts the files on the compromised system, and then demands a ransom in return for the ability to decrypt and recover the files. The latest iteration of crypto-ransomware is called Locky, and is the most advanced version of ransomware we have seen in the wild.

Early ransomware disguised itself as spyware removal or PC cleanup applications. These did not rely on encryption, but they damaged the PC and offered to fix the damage upon payment for the application. After a couple of years, these scams gave way to attacks using fake antivirus applications. These fake AV applications were similar to earlier ransomware attempts, but also attempted to trick users into paying for multiple years of support.

Encryption-based ransomware first came into prominence in 2011, in the form of malware that prevented access to the computer system. As defenses and recovery methods improved, ransomware evolved into the crypto-ransomware that is so prominent now. There are three variants that currently dominate the crypto-ransomware landscape:

The growth of Ransomware-as-a-Service allows low-skilled, inexperienced “hackers” to deploy their own ransomware attack. The service provider gets a percentage of any ransom collected from the victims.

Computers that are already infected with malware may download and install new malware, including ransomware.

The growth in ransomware attacks is expected to continue throughout the year, and expand to other platforms such as Macs, smartphones, and IoT endpoints. Even the most successful iterations of ransomware will evolve to stay ahead of defenses. Users should deploy multiple layers of protection to secure their networks.

Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. In this role, she helps bring Barracuda stories to life and facilitate communication between the public and Barracuda internal teams. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.
